Industry recognition

No prohibited data storage

Data encryption via the Braintree Vault

Cardholder data is managed in the Braintree Vault, using multiple encryption keys with split knowledge and dual control. A data thief would not be able to make use of information stolen from a database without also having the key. This data store cannot be connected to via the internet. We also offer secure data migration to the Braintree Vault.

Authentication and session management

We require users to authenticate every time they log into the Control Panel. Passwords are never stored directly in the database, and all API and Control Panel communication between merchants and Braintree is conducted using TLS (Transport Layer Security).

Activity monitoring and testing

We review and observe employee, customer, and vendor activity to guard against suspicious or unauthorized activities. We conduct automated vulnerability scans at least quarterly, and at least once a year we have extended penetration testing conducted by outside sources.

The PayPal service is provided by PayPal Australia Pty Limited (ABN 93 111 195 389) which holds Australian Financial Services Licence number 304962. Any information provided is general only and does not take into account your objectives, financial situation or needs. Please read and consider the Combined Financial Services Guide and Product Disclosure Statement before acquiring or using the PayPal service.